0 votes
456 views 13 comments
by anonymous

Hello everyone,

I have an OpenVPN server on an Intel NUC.
I have a PC with a client to the server.
And also a 4G router (Teltonika RUT955) with a client to the server.

Right now, from the PC I can get through the VPN to the front door of the 4G router,
but I want to get into the network in the 4G router.
I have tested with a push route, but then the 4G router doesn't find it funny.
Now I have made it with a route on the client, but it doesn't work.

I want to go with my PC from 172.0.10.xx to 10.0.152.xx and to 10.0.151.xx
And from 10.0.152.xx I want to go to 10.0.151.xx
And from 10.0.151.xx I want to go to 10.0.152.xx

Can somebody help me?

Noël


# Server script
port 1194
proto tcp4
dev tun
topology subnet
server 172.0.10.0 255.255.255.0
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
keepalive 10 120
cipher AES-256-CBC
data-ciphers AES-256-CBC
persist-key
persist-tun
verb 3
client-to-client
client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\log\\ip.txt" 0

route 10.0.152.0 255.255.255.0


# Client PC

client
dev tun
proto tcp4
remote xxx 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert El_Sayed.crt
key El_Sayed.key
remote-cert-tls server
cipher AES-256-CBC
data-ciphers AES-256-CBC
route 10.0.151.0 255.255.255.0
route 10.0.152.0 255.255.255.0
auth-nocache
verb 3

# 4G router RUT955

client
dev tun
proto tcp4
remote xxx 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert Aspergekachel_2.crt
key Aspergekachel_2.key
remote-cert-tls server
cipher AES-256-CBC
data-ciphers AES-256-CBC
route 10.0.151.0 255.255.255.0
auth-nocache
verb 3

1 Answer

0 votes
by anonymous

Hi,

Are you trying to access the RUT955 LAN network from your server? Is that correct?

Is the LAN network of the Aspergekachel_2 client added on the server? What are the contents of the file for Aspergekachel_2 in C:\\Program Files\\OpenVPN\\config\\ccd?

Also, please, provide a topology with IP addresses/networks and a troubleshoot file. Troubleshoot file can be downloaded from System -> Administration -> Troubleshoot.

Kind Regards,

Andzej

by anonymous

Hello,

Yes, I added a file "Aspergekachel_2.ovpn" and "Aspergekachel_2.ccd", both with 1 line: "iroute 10.0.152.0 255.255.255.0"

Network topology

Troubleshoot file

But it doesn't work.

What am I doing wrong?

Greetings, Noël

by anonymous

Hi,

Is the firewall on the device in 10.0.152.x network configured to accept traffic?

Can you reach openvpn server from the device in 10.0.152.x network?

Also, you are using 172.0.10.x network, but this is a public IP range. The private IPs are from 172.16.0.0 to 172.31.255.255. While this is probably not the issue, it can potentially cause conflicts and connectivity issues.

I've noticed that you are running the legacy firmware version. Would it be possible for you to update to the latest firmware version with 'keep settings' option turned off? You will need to reconfigure the device as the configurations will be erased.

Could you connect to your router via SSH and run TCPdump, then try connecting from your client PC to the device in LAN to see if traffic is forwarded?

  • opkg update
  • opkg install tcpdump
  • tcpdump host 172.0.10.8

Are packets coming from the Client's PC? Are they forwarded to the device in LAN? Are any packets going back from the device? If not, then it is likely the issue with configuration on the server/client PC.

You can also save TCPdump to a file via:

  • tcpdump host 172.0.10.8 -w /tmp/ovpnlogs.pcap

You can then download the file from the router using SCP/WinSCP.

Kind Regards,

Andzej

by anonymous

Hello,

I have updated to the newest version.

I have also made the IP change to 172.16.10.0/24.

I can't do the tcpdump because there is a fault in the server.

Fault screen

But I don't know what's wrong.

This is what's in the ccd file.

Can you help me?

Noël

by anonymous

Hi,

Could you try putting the following to your ccd file (only these 2 lines):

ifconfig-push 172.16.10.4 172.16.10.1

iroute 10.0.152.0 255.255.255.0

Kind Regards,

Andzej

by anonymous
Thank you Andzej,

It is working

Greetings, Noël
by anonymous
Hi,

Glad to hear that your issue has been resolved. Thank you for letting me know!

Have a great day!

Kind Regards,

Andzej
by anonymous

Hello Andzej

It works great.

From my PC through the VPN to the 2x 4G routers.

But from the LAN network of the 4G router through the VPN to the other LAN network of the 4G router:

From 10.0.151.1 to 172.16.10.1 (VPN server) works well.
From 10.0.152.1 to 172.16.10.1 (VPN server) works well.
From 10.0.151.1 to 10.0.152.1 does not work.
From 10.0.152.1 to 10.0.151.1 does not work.

From my one PC 172.16.10.10 (VPN address) I can go to 10.0.151.1 and 10.0.152.1.

Firewall settings

Can you help me get it to work?

Greetings, Noël.

by anonymous

Hi,

Make sure the server has 'client-to-client' option in the OpenVPN configuration.

Also, configure routes in ccd's as follows:

Aspergekachel_2:

ifconfig-push 172.16.10.4 172.16.10.1

iroute 10.0.152.0 255.255.255.0

push "route 10.0.151.0 255.255.255.0"

Aspergekachel_1 (change x to the VPN endpoint IP of your Aspergekachel_1 RUT, like 172.16.10.4 in Aspergekachel_2):

ifconfig-push 172.16.10.x 172.16.10.1

iroute 10.0.151.0 255.255.255.0

push "route 10.0.152.0 255.255.255.0"

Let me know if this helps.

Kind Regards,

Andzej
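
The pairing this answer describes (each `iroute` in a ccd file matched by a `route` on the server, and the subnet pushed to the other client) can be checked mechanically. The following is an added example, not part of the original thread or of OpenVPN; the `parse` and `lint` helpers and the sample configuration are constructed for illustration and only the `route`, `iroute`, `push "route ..."` and `client-to-client` directives are inspected.

```python
import ipaddress
import re

def parse(text):
    """Collect route / iroute / pushed-route networks and bare directives from one config."""
    out = {"route": set(), "iroute": set(), "push": set(), "flags": set()}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pushed = re.fullmatch(r'push\s+"route\s+(\S+)\s+(\S+)"', line)
        words = line.split()
        if pushed:
            out["push"].add(ipaddress.ip_network("/".join(pushed.groups())))
        elif words[0] in ("route", "iroute") and len(words) >= 3:
            out[words[0]].add(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        else:
            out["flags"].add(words[0])
    return out

def lint(server_conf, ccd):
    """Return findings for a server config and a {client_name: ccd_text} mapping."""
    server = parse(server_conf)
    clients = {name: parse(text) for name, text in ccd.items()}
    findings = []
    if "client-to-client" not in server["flags"]:
        findings.append("server: client-to-client is missing")
    for name, conf in sorted(clients.items()):
        for net in sorted(conf["iroute"]):
            # The server host needs its own route so the subnet enters the tunnel.
            if net not in server["route"]:
                findings.append(f"{name}: iroute {net} has no matching server route")
            # Every other site needs the subnet pushed, server-wide or in its ccd.
            for other, oconf in sorted(clients.items()):
                if other != name and net not in server["push"] | oconf["push"]:
                    findings.append(f"{other}: no pushed route to {net} (behind {name})")
    return findings

# Constructed sample: only one LAN is routed on the server, only one ccd pushes a route.
SERVER = ("topology subnet\nserver 172.16.10.0 255.255.255.0\n"
          "client-to-client\nroute 10.0.152.0 255.255.255.0\n")
CCD = {
    "Aspergekachel_1": "iroute 10.0.151.0 255.255.255.0\n",
    "Aspergekachel_2": ("iroute 10.0.152.0 255.255.255.0\n"
                        'push "route 10.0.151.0 255.255.255.0"\n'),
}

if __name__ == "__main__":
    for finding in lint(SERVER, CCD):
        print(finding)
```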

by anonymous

Hello Andzej,

I have done that but it's not working.


script server
port 1194
proto tcp4
dev tun

topology subnet
server 172.16.10.0 255.255.255.0

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"

keepalive 10 120
cipher AES-256-CBC
data-ciphers AES-256-CBC
persist-key
persist-tun
verb 3

client-to-client

client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"

route 10.0.151.0 255.255.255.0
route 10.0.152.0 255.255.255.0

push "route 172.16.10.0 255.255.255.0"
push "route 10.0.110.0 255.255.255.0"
push "route 10.0.120.0 255.255.255.0"
push "route 10.0.151.0 255.255.255.0"
push "route 10.0.152.0 255.255.255.0"


ccd file aspergekachel 1
ifconfig-push 172.16.10.151 255.255.255.0
iroute 10.0.151.0 255.255.255.0


ccd file aspergekachel 2
ifconfig-push 172.16.10.152 255.255.255.0
iroute 10.0.152.0 255.255.255.0


This configuration is working.
Only when I ping from the 151 to 152 or 152 to 151 it doesn't work.

I hope you can help me.

Greetings, Noël

by anonymous
Hi,

Can you execute 'route -n' on your RUT routers? Do they have routes to each other? 10.0.151.0/24 on Aspergekachel_2 and 10.0.152.0/24 on Aspergekachel_1 ?

Kind Regards,

Andzej
by anonymous
Hi,

If I print the routes on 10.0.151.1:

root@Teltonika-RUT955:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     2      0        0 wwan0
10.0.110.0      172.16.10.1     255.255.255.0   UG    0      0        0 wwan0
10.0.120.0      172.16.10.1     255.255.255.0   UG    0      0        0 wwan0
10.0.151.0      0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.0.152.0      172.16.10.1     255.255.255.0   UG    0      0        0 wwan0
100.90.195.39   0.0.0.0         255.255.255.255 UH    2      0        0 wwan0
172.16.10.0     172.16.10.1     255.255.255.0   UG    0      0        0 tun_c_El_Sayed

Greetings, Noël
by anonymous
Hi,

The route to 10.0.152.0 should use tun_c_El_Sayed interface and not wwan0.

I have sent you a private message.

Kind Regards,

Andzej
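
The symptom pointed out here, a route whose next hop is the VPN server but whose interface is the mobile link, can be detected from pasted `route -n` output. This is an added example, not part of the original thread; the `check_routes` helper is hypothetical, the table is the one posted above, and the rule it applies (any gateway inside the VPN subnet must be reached over a `tun` interface) is a generalization of the single route named in the reply.

```python
import ipaddress

def check_routes(route_n_output, vpn_subnet, remote_lans=(), tun_prefix="tun"):
    """Flag routes whose gateway is a VPN address but which leave on a non-tunnel
    interface, and remote LANs that have no route at all."""
    vpn = ipaddress.ip_network(vpn_subnet)
    findings, seen = [], set()
    for line in route_n_output.splitlines():
        cols = line.split()
        if len(cols) != 8:
            continue  # prompt or banner line
        dest, gw, mask, iface = cols[0], cols[1], cols[2], cols[7]
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            gw_ip = ipaddress.ip_address(gw)
        except ValueError:
            continue  # column header line
        seen.add(net)
        if gw_ip in vpn and not iface.startswith(tun_prefix):
            findings.append(f"{net} via {gw} uses {iface}, not the tunnel")
    for lan in remote_lans:
        if ipaddress.ip_network(lan) not in seen:
            findings.append(f"{lan} has no route")
    return findings

# Routing table as posted in the thread (router at 10.0.151.1).
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     2      0        0 wwan0
10.0.110.0      172.16.10.1     255.255.255.0   UG    0      0        0 wwan0
10.0.120.0      172.16.10.1     255.255.255.0   UG    0      0        0 wwan0
10.0.151.0      0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.0.152.0      172.16.10.1     255.255.255.0   UG    0      0        0 wwan0
100.90.195.39   0.0.0.0         255.255.255.255 UH    2      0        0 wwan0
172.16.10.0     172.16.10.1     255.255.255.0   UG    0      0        0 tun_c_El_Sayed
"""

if __name__ == "__main__":
    for finding in check_routes(ROUTE_TABLE, "172.16.10.0/24", ["10.0.152.0/24"]):
        print(finding)
```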
by anonymous
Hello Andzej,

Sorry for the late reaction, it is all working now.

Thank you for all your help.

But I still have one more question.

How can I make new certificates for new routers in OpenVPN?

All the files on the internet that I found don't work.

I hope you can help me.

Greetings, Noël